======================================
| [ 403.438069][ T4113] br1: entered promiscuous mode
| [ 403.713820][ C0] ------------[ cut here ]------------
| [ 403.714144][ C0] WARNING: ./include/linux/skbuff.h:3239 at __udp6_lib_err_encap+0x614/0x950, CPU#0: bash/4123
| [ 403.714546][ C0] Modules linked in: macvlan vxlan ip6_udp_tunnel udp_tunnel act_pedit cls_flower act_mirred 8021q bridge stp llc ip6_gre ip6_tunnel tunnel6 act_gact cls_matchall ip_gre gre sch_ingress vrf veth
[ 403.715542][ C0] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[ 403.715741][ C0] RIP: 0010:__udp6_lib_err_encap (./include/linux/skbuff.h:3239 (discriminator 3) ./include/linux/skbuff.h:3235 (discriminator 3) net/ipv6/udp.c:652 (discriminator 3))
[ 403.715956][ C0] Code: 08 84 d2 0f 85 4f 02 00 00 44 8b 4b 28 e9 a9 fe ff ff 4c 8b 6c 24 20 4c 8b 7c 24 28 45 31 e4 4c 8b 74 24 30 e9 d7 fd ff ff 90 <0f> 0b 90 48 29 c5 48 89 e8 48 81 fd ff ff 00 00 0f 86 ff fa ff ff
All code
========
0: 08 84 d2 0f 85 4f 02 or %al,0x24f850f(%rdx,%rdx,8)
7: 00 00 add %al,(%rax)
9: 44 8b 4b 28 mov 0x28(%rbx),%r9d
d: e9 a9 fe ff ff jmp 0xfffffffffffffebb
12: 4c 8b 6c 24 20 mov 0x20(%rsp),%r13
17: 4c 8b 7c 24 28 mov 0x28(%rsp),%r15
1c: 45 31 e4 xor %r12d,%r12d
1f: 4c 8b 74 24 30 mov 0x30(%rsp),%r14
24: e9 d7 fd ff ff jmp 0xfffffffffffffe00
29: 90 nop
2a:* 0f 0b ud2 <-- trapping instruction
2c: 90 nop
2d: 48 29 c5 sub %rax,%rbp
30: 48 89 e8 mov %rbp,%rax
33: 48 81 fd ff ff 00 00 cmp $0xffff,%rbp
3a: 0f 86 ff fa ff ff jbe 0xfffffffffffffb3f
Code starting with the faulting instruction
===========================================
0: 0f 0b ud2
2: 90 nop
3: 48 29 c5 sub %rax,%rbp
6: 48 89 e8 mov %rbp,%rax
9: 48 81 fd ff ff 00 00 cmp $0xffff,%rbp
10: 0f 86 ff fa ff ff jbe 0xfffffffffffffb15
[ 403.716526][ C0] RSP: 0018:ffa0000000007690 EFLAGS: 00010293
[ 403.716725][ C0] RAX: ff11000009342340 RBX: ff1100000f301a80 RCX: ff110000093423b0
[ 403.716965][ C0] RDX: ff11000009342380 RSI: ff11000009342388 RDI: fffffffffffffff8
[ 403.717204][ C0] RBP: ff11000009342388 R08: 1fe2200001e60369 R09: ff1100000f301a80
[ 403.717438][ C0] R10: ffffffffb5f35c00 R11: 0000000000000003 R12: 0000000000000000
[ 403.717673][ C0] R13: ff1100000f301b32 R14: ff1100000f301b40 R15: ff1100000f301b34
[ 403.717914][ C0] FS: 0000000000000000(0000) GS:ff11000080fab000(0000) knlGS:0000000000000000
[ 403.718192][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 403.718391][ C0] CR2: 00007facc003a000 CR3: 0000000014a43005 CR4: 0000000000771ef0
[ 403.718626][ C0] PKRU: 55555554
[ 403.718744][ C0] Call Trace:
[ 403.718869][ C0]
[ 403.718954][ C0] udpv6_err (net/ipv6/udp.c:714)
[ 403.719074][ C0] ? rcu_read_lock_any_held (kernel/rcu/update.c:381)
[ 403.719240][ C0] ? __udp6_lib_err_encap (net/ipv6/udp.c:695)
[ 403.719394][ C0] ? netlink_broadcast_filtered (./include/linux/instrumented.h:112 ./include/linux/atomic/atomic-instrumented.h:1383 net/netlink/af_netlink.c:460 net/netlink/af_netlink.c:1537)
[ 403.719588][ C0] ? kasan_save_stack (mm/kasan/common.c:58)
[ 403.719744][ C0] ? kasan_save_track (mm/kasan/common.c:70 (discriminator 1) mm/kasan/common.c:79 (discriminator 1))
[ 403.719906][ C0] ? kasan_save_free_info (mm/kasan/generic.c:587 (discriminator 1))
[ 403.720063][ C0] icmpv6_notify (net/ipv6/icmp.c:1087)
[ 403.720224][ C0] ? icmpv6_param_prob_reason (net/ipv6/icmp.c:1039)
[ 403.720381][ C0] ? lock_acquire.part.0 (kernel/locking/lockdep.c:470 (discriminator 2) kernel/locking/lockdep.c:5870 (discriminator 2))
[ 403.720539][ C0] ? find_held_lock (kernel/locking/lockdep.c:5350 (discriminator 1))
[ 403.720695][ C0] ? __lock_release.isra.0 (kernel/locking/lockdep.c:5536)
[ 403.720856][ C0] icmpv6_rcv (net/ipv6/icmp.c:1230)
[ 403.721014][ C0] ip6_protocol_deliver_rcu (net/ipv6/ip6_input.c:480)
[ 403.721179][ C0] ip6_input_finish (net/ipv6/ip6_input.c:532)
[ 403.721335][ C0] ip6_input (./include/linux/rcupdate.h:867 net/ipv6/ip6_input.c:543)
[ 403.721453][ C0] ? ip6_input_finish (net/ipv6/ip6_input.c:536)
[ 403.721606][ C0] ? ip6_rcv_core (./include/linux/rcupdate.h:310 (discriminator 2) ./include/linux/rcupdate.h:869 (discriminator 2) net/ipv6/ip6_input.c:328 (discriminator 2))
[ 403.721762][ C0] ? __asan_memset (mm/kasan/shadow.c:84 (discriminator 2))
[ 403.721924][ C0] ? ip6_rcv_core (./include/net/sock.h:2995 net/ipv6/ip6_input.c:331)
[ 403.722083][ C0] ? validate_chain (kernel/locking/lockdep.c:3801 (discriminator 3) kernel/locking/lockdep.c:3821 (discriminator 3) kernel/locking/lockdep.c:3876 (discriminator 3))
[ 403.722244][ C0] ipv6_rcv (./include/net/dst.h:480 (discriminator 4) net/ipv6/ip6_input.c:119 (discriminator 4) ./include/linux/netfilter.h:318 (discriminator 4) ./include/linux/netfilter.h:312 (discriminator 4) net/ipv6/ip6_input.c:351 (discriminator 4))
[ 403.722361][ C0] ? ip6_rcv_core (net/ipv6/ip6_input.c:345)
[ 403.722515][ C0] ? validate_chain (kernel/locking/lockdep.c:3801 (discriminator 3) kernel/locking/lockdep.c:3821 (discriminator 3) kernel/locking/lockdep.c:3876 (discriminator 3))
[ 403.722669][ C0] ? trace_pelt_cfs_tp (./include/trace/events/sched.h:833 (discriminator 24))
[ 403.722832][ C0] ? mark_usage (kernel/locking/lockdep.c:4674 (discriminator 1))
[ 403.722987][ C0] ? __lock_acquire (kernel/locking/lockdep.c:5237)
[ 403.723143][ C0] ? process_backlog (./include/linux/local_lock_internal.h:62 (discriminator 2) net/core/dev.c:6671 (discriminator 2))
[ 403.723304][ C0] __netif_receive_skb_one_core (net/core/dev.c:6202)
[ 403.723499][ C0] ? lock_acquire.part.0 (kernel/locking/lockdep.c:470 (discriminator 2) kernel/locking/lockdep.c:5870 (discriminator 2))
[ 403.723654][ C0] ? __netif_receive_skb_list_core (net/core/dev.c:6202)
[ 403.723855][ C0] ? rcu_is_watching (./include/linux/context_tracking.h:128 (discriminator 3) kernel/rcu/tree.c:752 (discriminator 3))
[ 403.724012][ C0] process_backlog (./include/linux/rcupdate.h:867 net/core/dev.c:6674)
[ 403.724173][ C0] __napi_poll (net/core/dev.c:7737)
[ 403.724294][ C0] net_rx_action (net/core/dev.c:7800 net/core/dev.c:7957)
[ 403.724453][ C0] ? __napi_poll (net/core/dev.c:7919)
[ 403.724608][ C0] ? find_held_lock (kernel/locking/lockdep.c:5350 (discriminator 1))
[ 403.724764][ C0] ? rcu_is_watching (./include/linux/context_tracking.h:128 (discriminator 3) kernel/rcu/tree.c:752 (discriminator 3))
[ 403.724931][ C0] ? clockevents_program_event (kernel/time/clockevents.c:369 (discriminator 1))
[ 403.725128][ C0] ? mark_held_locks (kernel/locking/lockdep.c:4325 (discriminator 1))
[ 403.725286][ C0] handle_softirqs (./arch/x86/include/asm/jump_label.h:37 ./include/trace/events/irq.h:142 kernel/softirq.c:623)
[ 403.725442][ C0] ? find_held_lock (kernel/locking/lockdep.c:5350 (discriminator 1))
[ 403.725597][ C0] ? __lock_release.isra.0 (kernel/locking/lockdep.c:5536)
[ 403.725750][ C0] ? _local_bh_enable (kernel/softirq.c:580)
[ 403.725910][ C0] ? do_raw_spin_unlock (./arch/x86/include/asm/atomic.h:23 ./include/linux/atomic/atomic-arch-fallback.h:457 ./include/linux/atomic/atomic-instrumented.h:33 ./include/asm-generic/qspinlock.h:57 kernel/locking/spinlock_debug.c:101 kernel/locking/spinlock_debug.c:141)
[ 403.726066][ C0] __irq_exit_rcu (kernel/softirq.c:496 (discriminator 1) kernel/softirq.c:735 (discriminator 1))
[ 403.726225][ C0] irq_exit_rcu (kernel/softirq.c:754)
[ 403.726341][ C0] sysvec_apic_timer_interrupt (arch/x86/kernel/apic/apic.c:1061 (discriminator 37) arch/x86/kernel/apic/apic.c:1061 (discriminator 37))
[ 403.726497][ C0]
[ 403.726579][ C0]
[ 403.726656][ C0] ? init_object (mm/slub.c:1271)
[ 403.726816][ C0] asm_sysvec_apic_timer_interrupt (./arch/x86/include/asm/idtentry.h:697)
[ 403.727007][ C0] RIP: 0010:qlist_free_all (mm/kasan/quarantine.c:146 mm/kasan/quarantine.c:179)
[ 403.727174][ C0] Code: e1 00 00 00 4c 89 6c 24 18 49 89 f5 4c 89 74 24 20 49 89 fe 48 89 6c 24 08 4c 89 64 24 10 eb 34 48 63 85 b8 00 00 00 4c 8b 23 <48> 89 ef 48 29 c3 48 89 de e8 28 ef ff ff 66 90 48 89 de 48 89 ef
All code
========
0: e1 00 loope 0x2
2: 00 00 add %al,(%rax)
4: 4c 89 6c 24 18 mov %r13,0x18(%rsp)
9: 49 89 f5 mov %rsi,%r13
c: 4c 89 74 24 20 mov %r14,0x20(%rsp)
11: 49 89 fe mov %rdi,%r14
14: 48 89 6c 24 08 mov %rbp,0x8(%rsp)
19: 4c 89 64 24 10 mov %r12,0x10(%rsp)
1e: eb 34 jmp 0x54
20: 48 63 85 b8 00 00 00 movslq 0xb8(%rbp),%rax
27: 4c 8b 23 mov (%rbx),%r12
2a:* 48 89 ef mov %rbp,%rdi <-- trapping instruction
2d: 48 29 c3 sub %rax,%rbx
30: 48 89 de mov %rbx,%rsi
33: e8 28 ef ff ff call 0xffffffffffffef60
38: 66 90 xchg %ax,%ax
3a: 48 89 de mov %rbx,%rsi
3d: 48 89 ef mov %rbp,%rdi
Code starting with the faulting instruction
===========================================
0: 48 89 ef mov %rbp,%rdi
3: 48 29 c3 sub %rax,%rbx
6: 48 89 de mov %rbx,%rsi
9: e8 28 ef ff ff call 0xffffffffffffef36
e: 66 90 xchg %ax,%ax
10: 48 89 de mov %rbx,%rsi
13: 48 89 ef mov %rbp,%rdi
[ 403.727730][ C0] RSP: 0018:ffa00000007178b8 EFLAGS: 00000246
[ 403.727933][ C0] RAX: 0000000000000160 RBX: ff1100001424ec20 RCX: ff11000001956abf
[ 403.728169][ C0] RDX: 0000000000000000 RSI: 000000001424ec20 RDI: ff1100001424ec20
[ 403.728402][ C0] RBP: ff11000001956ac0 R08: 0000000000000000 R09: 0000000000000000
[ 403.728635][ C0] R10: 0000000000000000 R11: 0000000000000001 R12: ff11000008e21868
[ 403.728874][ C0] R13: 0000000000000000 R14: ffa00000007178e8 R15: 0000000000000001
[ 403.729113][ C0] ? qlist_free_all (mm/kasan/../slab.h:172 (discriminator 1) mm/kasan/quarantine.c:131 (discriminator 1) mm/kasan/quarantine.c:176 (discriminator 1))
[ 403.729272][ C0] kasan_quarantine_reduce (./include/linux/srcu.h:484 (discriminator 2) mm/kasan/quarantine.c:287 (discriminator 2))
[ 403.729425][ C0] __kasan_slab_alloc (mm/kasan/common.c:350)
[ 403.729578][ C0] __kmalloc_cache_noprof (./include/linux/kasan.h:253 mm/slub.c:4538 mm/slub.c:4866 mm/slub.c:5375)
[ 403.729733][ C0] ovl_open (fs/overlayfs/file.c:101 (discriminator 1) fs/overlayfs/file.c:226 (discriminator 1))
[ 403.729858][ C0] ? ovl_llseek (fs/overlayfs/file.c:199)
[ 403.730012][ C0] ? do_raw_spin_unlock (./arch/x86/include/asm/atomic.h:23 ./include/linux/atomic/atomic-arch-fallback.h:457 ./include/linux/atomic/atomic-instrumented.h:33 ./include/asm-generic/qspinlock.h:57 kernel/locking/spinlock_debug.c:101 kernel/locking/spinlock_debug.c:141)
[ 403.730168][ C0] ? ovl_llseek (fs/overlayfs/file.c:199)
[ 403.730323][ C0] do_dentry_open (fs/open.c:948)
[ 403.730479][ C0] vfs_open (fs/open.c:1079)
[ 403.730596][ C0] ? may_open (fs/namei.c:4277)
[ 403.730711][ C0] ? lookup_open.isra.0 (fs/namei.c:4565)
[ 403.730873][ C0] do_open (fs/namei.c:4699)
[ 403.730988][ C0] ? init_file.isra.0 (./arch/x86/include/asm/atomic64_64.h:20 ./include/linux/atomic/atomic-arch-fallback.h:2629 ./include/linux/atomic/atomic-long.h:79 ./include/linux/atomic/atomic-instrumented.h:3224 ./include/linux/file_ref.h:61 fs/file_table.c:229)
[ 403.731274][ C0] path_openat (fs/namei.c:4859)
[ 403.731429][ C0] ? rcu_lockdep_current_cpu_online (kernel/rcu/tree.c:4040 (discriminator 4) kernel/rcu/tree.c:4032 (discriminator 4))
[ 403.731620][ C0] ? kernel_tmpfile_open (fs/namei.c:4840)
[ 403.731773][ C0] ? validate_chain (kernel/locking/lockdep.c:3801 (discriminator 3) kernel/locking/lockdep.c:3821 (discriminator 3) kernel/locking/lockdep.c:3876 (discriminator 3))
[ 403.732045][ C0] ? rcu_lockdep_current_cpu_online (kernel/rcu/tree.c:4040 (discriminator 4) kernel/rcu/tree.c:4032 (discriminator 4))
[ 403.732244][ C0] do_file_open (fs/namei.c:4887)
[ 403.732398][ C0] ? path_openat (fs/namei.c:4879)
[ 403.732556][ C0] ? page_get_link_raw (fs/namei.c:6369)
[ 403.732827][ C0] ? do_raw_spin_unlock (./arch/x86/include/asm/atomic.h:23 ./include/linux/atomic/atomic-arch-fallback.h:457 ./include/linux/atomic/atomic-instrumented.h:33 ./include/asm-generic/qspinlock.h:57 kernel/locking/spinlock_debug.c:101 kernel/locking/spinlock_debug.c:141)
[ 403.732980][ C0] ? _raw_spin_unlock (./include/linux/spinlock_api_smp.h:169 (discriminator 4) kernel/locking/spinlock.c:190 (discriminator 4))
[ 403.733134][ C0] ? alloc_fd (fs/file.c:612 (discriminator 1))
[ 403.733257][ C0] do_sys_openat2 (./include/linux/file.h:165 fs/open.c:1364)
[ 403.733520][ C0] ? build_open_flags (fs/open.c:1357)
[ 403.733677][ C0] ? find_held_lock (kernel/locking/lockdep.c:5350 (discriminator 1))
[ 403.733838][ C0] __x64_sys_openat (fs/open.c:1381)
[ 403.733991][ C0] ? exc_page_fault (./arch/x86/include/asm/irqflags.h:26 ./arch/x86/include/asm/irqflags.h:109 ./arch/x86/include/asm/irqflags.h:151 arch/x86/mm/fault.c:1480 arch/x86/mm/fault.c:1527)
[ 403.734259][ C0] ? __ia32_sys_open (fs/open.c:1381)
[ 403.734412][ C0] ? rcu_is_watching (./include/linux/context_tracking.h:128 (discriminator 3) kernel/rcu/tree.c:752 (discriminator 3))
[ 403.734565][ C0] ? rcu_is_watching (./include/linux/context_tracking.h:128 (discriminator 3) kernel/rcu/tree.c:752 (discriminator 3))
[ 403.734719][ C0] ? trace_irq_enable.constprop.0 (./include/trace/events/preemptirq.h:40 (discriminator 24))
[ 403.735027][ C0] do_syscall_64 (arch/x86/entry/syscall_64.c:63 (discriminator 1) arch/x86/entry/syscall_64.c:94 (discriminator 1))
[ 403.735186][ C0] ? trace_hardirqs_off (kernel/trace/trace_preemptirq.c:106 (discriminator 9))
[ 403.735337][ C0] ? exc_page_fault (arch/x86/mm/fault.c:1480 (discriminator 3) arch/x86/mm/fault.c:1527 (discriminator 3))
[ 403.735491][ C0] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)
[ 403.735796][ C0] RIP: 0033:0x7facc0084855
[ 403.735959][ C0] Code: 48 89 e5 48 89 55 e0 41 83 e2 40 75 28 89 f2 f7 d2 81 e2 00 00 41 00 74 1c 89 f2 bf 9c ff ff ff 48 89 c6 b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 23 5d c3 90 48 8d 4d 10 c7 45 b8 10 00 00 00
All code
========
0: 48 89 e5 mov %rsp,%rbp
3: 48 89 55 e0 mov %rdx,-0x20(%rbp)
7: 41 83 e2 40 and $0x40,%r10d
b: 75 28 jne 0x35
d: 89 f2 mov %esi,%edx
f: f7 d2 not %edx
11: 81 e2 00 00 41 00 and $0x410000,%edx
17: 74 1c je 0x35
19: 89 f2 mov %esi,%edx
1b: bf 9c ff ff ff mov $0xffffff9c,%edi
20: 48 89 c6 mov %rax,%rsi
23: b8 01 01 00 00 mov $0x101,%eax
28: 0f 05 syscall
2a:* 48 3d 00 f0 ff ff cmp $0xfffffffffffff000,%rax <-- trapping instruction
30: 77 23 ja 0x55
32: 5d pop %rbp
33: c3 ret
34: 90 nop
35: 48 8d 4d 10 lea 0x10(%rbp),%rcx
39: c7 45 b8 10 00 00 00 movl $0x10,-0x48(%rbp)
Code starting with the faulting instruction
===========================================
0: 48 3d 00 f0 ff ff cmp $0xfffffffffffff000,%rax
6: 77 23 ja 0x2b
8: 5d pop %rbp
9: c3 ret
a: 90 nop
b: 48 8d 4d 10 lea 0x10(%rbp),%rcx
f: c7 45 b8 10 00 00 00 movl $0x10,-0x48(%rbp)
[ 403.736637][ C0] RSP: 002b:00007ffc76e98320 EFLAGS: 00000206 ORIG_RAX: 0000000000000101
[ 403.736877][ C0] RAX: ffffffffffffffda RBX: 00007ffc76e985b0 RCX: 00007facc0084855
[ 403.737222][ C0] RDX: 0000000000080000 RSI: 00007ffc76e983a0 RDI: 00000000ffffff9c
[ 403.737454][ C0] RBP: 00007ffc76e98320 R08: 00007ffc76e98597 R09: 0000000000000000
[ 403.737688][ C0] R10: 0000000000000000 R11: 0000000000000206 R12: 00007ffc76e983a0
Finger prints: __udp6_lib_err_encap:udpv6_err:icmpv6_notify:icmpv6_rcv:ip6_protocol_deliver_rcu